
Hunting hypothesis

Definition

A testable statement specifying what adversary behaviour might be present, which data source would show it, and what analytic would surface it. A hypothesis is the starting point for every structured hunt and must be specific enough to produce a falsifiable query. Because the hypothesis names its data source, an empty result only counts as evidence against it when that source is actually being collected for the hosts in scope; otherwise the hypothesis is untested, not refuted.
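The three parts of a hypothesis (behaviour, data source, analytic) can be written down as a small structure and run against telemetry, which is what makes it falsifiable. The following is an added example, not code from this page; it uses the ATT&CK technique T1053.005 (Scheduled Task) and Windows Security EventID 4698 (a scheduled task was created), both real, but the flattened event dictionaries, the `Command` field (which in a real 4698 event sits inside the task's XML content), the list of trusted directories and the sample events are constructed assumptions for illustration. It also distinguishes "no evidence" from "untestable" so that missing telemetry is not mistaken for a clean result.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed sample events (not real telemetry), flattened from the Windows
# Security log into dicts carrying only the fields this hunt needs.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Host": "ws01", "SubjectUserName": "alice",
     "LogonType": 2},
    {"EventID": 4698, "Host": "ws01", "SubjectUserName": "SYSTEM",
     "TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "Command": "C:\\Windows\\System32\\defrag.exe"},
    {"EventID": 4698, "Host": "ws07", "SubjectUserName": "bob",
     "TaskName": "\\OneDriveUpdate",
     "Command": "C:\\Users\\Public\\svchost.exe"},
]

# Assumed baseline: task actions launched from these roots are treated as
# expected; anything else is a lead worth reviewing, not a verdict.
TRUSTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass(frozen=True)
class Hypothesis:
    behaviour: str                    # what the adversary might be doing
    technique: str                    # ATT&CK technique ID
    data_source: str                  # which telemetry would show it
    event_id: int                     # record type the analytic is scoped to
    analytic: Callable[[dict], bool]  # the falsifiable query

    def evaluate(self, events: Iterable[dict]):
        """Return (status, hits).

        'untestable'   : the named data source produced no records at all,
                         so nothing can be said either way.
        'no_evidence'  : records were present but none matched.
        'supported'    : at least one record matched; hits need triage.
        """
        scoped = [e for e in events if e["EventID"] == self.event_id]
        if not scoped:
            return "untestable", []
        hits = [e for e in scoped if self.analytic(e)]
        return ("supported" if hits else "no_evidence"), hits


def task_from_untrusted_dir(event: dict) -> bool:
    """Analytic: the task's action runs a binary outside the trusted roots."""
    cmd = event.get("Command", "").lower()
    return not cmd.startswith(TRUSTED_DIRS)


SCHEDULED_TASK_PERSISTENCE = Hypothesis(
    behaviour=("An adversary persists by creating a scheduled task whose "
               "action runs a binary outside Windows or Program Files"),
    technique="T1053.005",
    data_source="Windows Security log, EventID 4698 (scheduled task created)",
    event_id=4698,
    analytic=task_from_untrusted_dir,
)


def run_hunt(hypothesis: Hypothesis, events: Iterable[dict]):
    """Evaluate one hypothesis and reduce hits to triage-ready tuples."""
    status, hits = hypothesis.evaluate(events)
    leads = [(h["Host"], h["TaskName"], h["Command"]) for h in hits]
    return status, leads


if __name__ == "__main__":
    status, leads = run_hunt(SCHEDULED_TASK_PERSISTENCE, SAMPLE_EVENTS)
    print(SCHEDULED_TASK_PERSISTENCE.technique, status)
    for host, task, cmd in leads:
        print(f"  {host}: {task} -> {cmd}")
```

Against the constructed events the hunt is "supported" with one lead (the task on ws07 launching from C:\Users\Public); fed only logon events it reports "untestable", because no 4698 records exist to query, which is the case a hunter must not record as a negative finding.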

Related terms

Dwell time
The period between an attacker gaining initial access and their detection. Reducing dwell time is a primary goal of threat hunting. The...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
MITRE ATT&CK
A publicly available knowledge base of adversary tactics, techniques, and procedures derived from real-world intrusion observations. Maintained by the MITRE Corporation. Techniques...
Tactics, Techniques, and Procedures (TTPs)
A three-level description of adversary behaviour. Tactics are the high-level goals (initial access, persistence, exfiltration). Techniques are the specific methods (spear-phishing, pass-the-hash)....
Threat hunting
A proactive, human-led process that searches for evidence of adversary activity in an environment under the assumption that automated controls have been...

Explained in

  • Proactive Threat Hunting Methodology
